CVE-2025-56219
Modified Modified - Updated After Analysis

BaseFortify

Vulnerability report for CVE-2025-56219, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-20

Last updated on: 2026-07-05

Assigner: MITRE

Description

Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-20
Last Modified
2026-07-05
Generated
2026-07-06
AI Q&A
2025-10-20
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ascertia signinghub to 8.6.8 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in SigningHub v8.6.8 is due to incorrect access control on the Add User API, which lacks rate limiting. This allows attackers to rapidly and arbitrarily create a large number of user accounts, potentially leading to resource exhaustion and a Denial of Service (DoS) condition. [1]

Impact Analysis

The vulnerability can impact you by allowing an attacker to exhaust system resources through the automated creation of many user accounts. This can cause database bloating and ultimately result in a Denial of Service (DoS), making the service unavailable or degraded. [1]

Detection Guidance

Detection can focus on monitoring the Add User API usage for unusually high or rapid account creation attempts, as the vulnerability allows attackers to create many user accounts without rate limiting. Specific commands are not provided in the resources, but network or application logs should be analyzed for excessive Add User API calls or spikes in user account creation. [1]

Mitigation Strategies

Immediate mitigation involves implementing rate limiting on the Add User API to prevent automated rapid creation of user accounts. Additionally, upgrading SigningHub to a version later than 8.6.8 where the vulnerability is fixed is recommended. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-56219. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart